CreateDesktop SECURITY_ATTRIBUTES
I want to create a desktop, using CreateDesktop, that non-system processes can't access. The process that creates the desktop is running as system. I don't know much about the security API functions, but I imagine it only takes a few lines of code to create a security descriptor based on the user my process is running as (so only that user has access, SYSTEM in my case), then I can pass that to my CreateDesktop call.

I tried NULL to CreateDesktop, but I'm still able to bring up task manager and then launch a new explorer.exe in the new desktop... I don't want non-admin users to be able to do this, the desktop should be restricted to my process (and system processes I don't mind).

I've got this code I use for creating named-pipes, which gives full access to everyone:

    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;
    memset(&sa,0,sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = TRUE;
    sa.lpSecurityDescriptor = &sd;
    InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
    /* DACL marked present but NULL: no access control, everyone gets full access */
    SetSecurityDescriptorDacl(&sd,TRUE,(PACL)0,FALSE);

I assume SetSecurityDescriptorDacl probably just needs to be replaced with one or two other functions...?
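An added example, not part of the original post: one way to swap the NULL DACL above for a DACL that lists exactly who may open the desktop, by building an SDDL string and converting it with ConvertStringSecurityDescriptorToSecurityDescriptor. The function names build_restricted_sddl and create_restricted_desktop are hypothetical; trustees are SDDL SID strings such as SY (Local System), and the ANSI API variants are assumed.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>   /* link with advapi32 and user32 */
#endif

/* Build an SDDL string with a protected DACL ("D:P") holding one allow ACE
 * (generic all) per trustee. A DACL that is present admits only the trustees
 * it lists; the NULL DACL in the named-pipe code admits everyone.
 * Returns the string length, or -1 on bad input or a too-small buffer. */
int build_restricted_sddl(const char *const *sids, size_t n, char *out, size_t cap)
{
    size_t used, i;
    int w;
    if (!sids || !out || n == 0) return -1;   /* an empty DACL would deny the creator too */
    w = snprintf(out, cap, "D:P");
    if (w < 0 || (size_t)w >= cap) return -1;
    used = (size_t)w;
    for (i = 0; i < n; i++) {
        /* reject anything that could break out of the ACE syntax */
        if (!sids[i] || !*sids[i] || strpbrk(sids[i], "();: ")) return -1;
        w = snprintf(out + used, cap - used, "(A;;GA;;;%s)", sids[i]);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
    }
    return (int)used;
}

#ifdef _WIN32
/* Create a desktop whose DACL admits only the listed trustees.
 * Returns NULL on failure; call GetLastError() for the reason. */
HDESK create_restricted_desktop(const char *name, const char *const *sids, size_t n)
{
    char sddl[256];
    SECURITY_ATTRIBUTES sa = { sizeof(sa), NULL, FALSE };  /* handle not inherited */
    HDESK desk;
    if (build_restricted_sddl(sids, n, sddl, sizeof(sddl)) < 0) return NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL)) return NULL;
    desk = CreateDesktopA(name, NULL, NULL, 0, GENERIC_ALL, &sa);
    LocalFree(sa.lpSecurityDescriptor);  /* the descriptor buffer is no longer needed */
    return desk;
}
#endif
```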